----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65905/#review198629 -----------------------------------------------------------
Dis you consider switching to `sharsum(1)` so that users can also use `shasum` to verify the signature? I couldn't find a way to get `gpg` to verify the signature ... - James Peach On March 5, 2018, 3:27 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65905/ > ----------------------------------------------------------- > > (Updated March 5, 2018, 3:27 p.m.) > > > Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone. > > > Repository: mesos > > > Description > ------- > > Apache now requires SHA checksum files instead of the previously > required MD5, see the [signing recommendations](1). This patch updates > the Mesos vote and release tooling to accommodate that change in > policy. We use SHA512 as recommended in the [Apache SHA checksum > FAQ](2). > > [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums > [2]: http://www.apache.org/dev/release-signing#sha-checksum > > > Diffs > ----- > > support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce > support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c > > > Diff: https://reviews.apache.org/r/65905/diff/2/ > > > Testing > ------- > > > Thanks, > > Benjamin Bannier > >